HTTPS Made Easy: what it means and why it's important for the average user.

You may have noticed, while surfing the web, that sometimes webpages look different than usual.
When you log in to your email account or your bank account, or when you carry out financial transactions (e.g. buying from eCommerce websites such as Amazon.com), you'll see that the URL of the page starts with https:// instead of http:// and that a padlock icon is displayed.

That happens because these pages utilize a more secure protocol, i.e. HTTPS.

HTTPS stands for Hypertext Transfer Protocol Secure, a protocol which uses encryption to protect data being transferred during an important transaction. It runs on port 443 (HTTP works on port 80) and it's based on public key cryptography. This means that on both computers involved in a data transfer a security certificate has been installed and the traffic can only be decrypted when the certificates on the two PCs match.

The Public Key Infrastructure model is based on trusted root certificate authorities, called Root Authorities, which are blindly trusted and can be chosen by users on their own or (more likely) come preconfigured with the browser. Trusted authorities may issue certificates to other authorities and allow them to issue certificates (these second-level authorities are called intermediate certificate authorities). The intermediate CAs may recursively issue certificates to other authorities, but only within certain limits.

When certificates are stolen or compromised but come from a trusted authority, they are blindly trusted as long as they're not revoked or replaced, and this way a hacker can redirect you to a page similar to a well-known and trusted website to steal your data. He does that by intercepting the traffic between your computer and the destination server and hijacking it towards a malicious page. This is called a man-in-the-middle attack. Authorities constantly check their certificates to prevent this and, when a website you want to visit lacks a secure certificate, your browser displays a warning (Fig. 1).


Users should always check that the page is encrypted when dealing with important data transfers, by making sure that the URL starts with https:// and that a (closed) padlock icon is displayed next to the URL of the page (Fig. 2).

Fig. 1

Fig. 2
Fig. 3
Fig. 4

Fig. 5
Fig. 6

You can look up the information related to the certificate and the identity of the website's owner by clicking the padlock icon (Fig. 3). You'll be shown the kind of encryption being used (usually a 128-bit encryption) and the identity of the owner by selecting more information (Fig. 4, Fig. 5, Fig. 6); if you can retrieve plausible data about this, you can be relatively confident that you're on a legitimate webpage. Sadly, that doesn't mean you can be 100% safe. If a hacker installs a root certificate on your machine, he can impersonate any Internet site.

So be extremely cautious and don't trust anything.

If you visit a website and it looks different from what it generally is, heads up. If a website often changes its look, this can sometimes be a clue that you're on a defaced website.

Never trust any links embedded in emails coming from somebody you don't know. For example, some days ago I got an email from one of my Twitter connections who invited me to visit a certain link.

The link led to a Twitter login page, which shouldn't have happened, as I was already logged in to Twitter.

That's when you're shown a red flag: I had ended up on a webpage looking like Twitter, designed to hack my account. Needless to say, I closed it immediately and that's what you should do, too, in this case.

How to identify a malicious website

Nothing can guarantee you total security, but much can be done to reduce the likelihood of identity theft or data loss.
  • Go with your gut. If a website looks suspicious because of a different interface, different colors or templates, or you notice grammar and spelling errors, or something otherwise doesn't add up, close the page and delete your browser cache and your cookies.
Whoever sends you these malicious emails very often uses a URL shortener. URL shorteners became very popular with Twitter because you can use only 140 characters to compose a tweet. Once you click the shortened link, you'll be redirected to the actual webpage behind it.

This system has a downside, though; it makes it hard to track down the original URL of the page because you won't be shown a page in the format we are all used to (http://www.google.com) but something like this: http://t.co/TyuWtpoSbq which is much harder to figure out and to track down (in case you're curious, it leads to one of my older posts). For this very reason, spammers and crackers send you links to malicious websites in a shortened form.
  • Be extremely cautious about shortened URLs. Don't open them or, if you really need to, analyze them with third-party websites that can track them down and reveal the actual page behind them.
    I used http://vurl.mysteryfcm.co.uk/ and I found out that the link I was sent was listed as malware, like I had suspected (Fig. 7).
Fig. 7
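
What such a link-expanding service does can be sketched in a few lines. This is an added example, not code from the original post: it follows a shortened link hop by hop with HEAD requests, so no page content is downloaded or rendered, and then checks the final address against the site you expected. The names `expand`, `review`, `FakeShortener`, `HOPS` and the short code `/Ab3xQ` are constructed for illustration; the stand-in shortener runs on localhost so the example works offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

def expand(url, max_hops=5):
    """Follow redirects with HEAD requests only; return every URL visited."""
    chain = [url]
    for _ in range(max_hops):
        u = urlsplit(chain[-1])
        Conn = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
        conn = Conn(u.netloc, timeout=5)
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location")
        conn.close()
        if status not in (301, 302, 303, 307, 308) or not location:
            break  # reached the real page (or an error): stop here
        chain.append(urljoin(chain[-1], location))  # Location may be relative
    return chain

def review(chain, expected_host):
    """List reasons not to type a password into the final page."""
    final = urlsplit(chain[-1])
    checks = [(final.scheme == "https", "final page is not served over https"),
              (final.hostname == expected_host, f"final host {final.hostname} is not {expected_host}")]
    return [msg for ok, msg in checks if not ok]

# Constructed stand-in for a URL shortener: two redirects, then a login page.
HOPS = {"/Ab3xQ": (302, "/r?id=7"), "/r?id=7": (301, "/login")}

class FakeShortener(BaseHTTPRequestHandler):
    def do_HEAD(self):
        status, location = HOPS.get(self.path, (200, None))
        self.send_response(status)
        if location:
            self.send_header("Location", location)
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    server = HTTPServer(("127.0.0.1", 0), FakeShortener)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    chain = expand(f"http://127.0.0.1:{server.server_port}/Ab3xQ")
    server.shutdown()
    return chain, review(chain, "twitter.com")

if __name__ == "__main__":
    print(demo())
```

Here the link claims to lead to Twitter, but the chain ends on a different host without HTTPS, so `review` reports both problems before any page is opened.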

Wrap-up

HTTPS was introduced to guarantee security for important data transfers involving personal or financial information. Each computer user can be impacted by a faulty implementation of this protocol, as important security breaches have recently shown.

A cyber war is being fought out there, between criminals trying to find more and more sophisticated ways to steal and resell personal and financial information and law enforcement authorities countering them by adopting more and more advanced tools.

Let's only hope the good guys can have a shot at winning it.
